Add glama.json, fix license in README, add npx install option #30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # APIbase.pro — CI/CD Deploy Pipeline (§12.12, §12.222) | |
| # | |
| # Pipeline: lint → typecheck → test → Docker build → push GHCR → SSH deploy → smoke test | |
| # Deploy strategy (Phase 1): 5-10s downtime acceptable. | |
| # Rollback: automatic on smoke test failure via scripts/deploy.sh. | |
| # | |
| # Required GitHub Secrets: | |
| # SSH_KEY — Private key for SSH to Hetzner server | |
| # SERVER_HOST — Hetzner server IP address | |
| # DEPLOY_USER — SSH username (not root) | |
| name: Deploy | |
| on: | |
| push: | |
| branches: [main] | |
| permissions: | |
| contents: read | |
| packages: write | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ghcr.io/whiteknightonhorse/apibase | |
| IMAGE_TAG: sha-${{ github.sha }} | |
| jobs: | |
| # ------------------------------------------------------------------------- | |
| # Stage 1: Validate (lint + typecheck + test) | |
| # ------------------------------------------------------------------------- | |
| validate: | |
| name: Lint + Typecheck + Test | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| cache: "npm" | |
| - name: Install dependencies | |
| run: npm ci --ignore-scripts | |
| - name: Generate Prisma client | |
| run: npx prisma generate | |
| - name: Lint | |
| run: npm run lint | |
| - name: Typecheck | |
| run: npm run typecheck | |
| - name: Unit tests | |
| run: npm run test -- --ci --passWithNoTests | |
| # ------------------------------------------------------------------------- | |
| # Stage 2: Build Docker image + push to GHCR | |
| # ------------------------------------------------------------------------- | |
| build: | |
| name: Build & Push Image | |
| needs: validate | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: docker/Dockerfile | |
| push: true | |
| tags: | | |
| ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
| ${{ env.IMAGE_NAME }}:latest | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # ------------------------------------------------------------------------- | |
| # Stage 3: Deploy to Hetzner via SSH | |
| # ------------------------------------------------------------------------- | |
| deploy: | |
| name: Deploy to Production | |
| needs: build | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| environment: production | |
| steps: | |
| - name: Setup SSH key | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.SSH_KEY }}" > ~/.ssh/deploy_key | |
| chmod 600 ~/.ssh/deploy_key | |
| ssh-keyscan -H ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts 2>/dev/null | |
| - name: Deploy via SSH | |
| run: | | |
| ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no \ | |
| ${{ secrets.DEPLOY_USER }}@${{ secrets.SERVER_HOST }} \ | |
| "cd /home/apibase/apibase && bash scripts/deploy.sh ${{ github.sha }}" | |
| - name: Cleanup SSH key | |
| if: always() | |
| run: rm -f ~/.ssh/deploy_key |